adding new security headers, fixes #765

This commit is contained in:
El RIDO 2021-04-16 19:19:11 +02:00
parent d727837324
commit 9e6eb50ced
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
2 changed files with 6 additions and 2 deletions

View File

@ -2,6 +2,7 @@
* **1.4 (not yet released)** * **1.4 (not yet released)**
* ADDED: Translation for Estonian * ADDED: Translation for Estonian
* ADDED: new HTTP headers improving security (#765)
* **1.3.5 (2021-04-05)** * **1.3.5 (2021-04-05)**
* ADDED: Translation for Hebrew, Lithuanian, Indonesian and Catalan * ADDED: Translation for Hebrew, Lithuanian, Indonesian and Catalan
* ADDED: Make the project info configurable (#681) * ADDED: Make the project info configurable (#681)

View File

@ -346,10 +346,13 @@ class Controller
header('Last-Modified: ' . $time); header('Last-Modified: ' . $time);
header('Vary: Accept'); header('Vary: Accept');
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader')); header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
header('Cross-Origin-Resource-Policy: same-origin');
header('Cross-Origin-Embedder-Policy: require-corp');
header('Cross-Origin-Opener-Policy: same-origin');
header('Referrer-Policy: no-referrer'); header('Referrer-Policy: no-referrer');
header('X-Xss-Protection: 1; mode=block');
header('X-Frame-Options: DENY');
header('X-Content-Type-Options: nosniff'); header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: deny');
header('X-XSS-Protection: 1; mode=block');
// label all the expiration options // label all the expiration options
$expire = array(); $expire = array();